
Acegi with applet based PKI

Dec 3rd, 2004, 02:08 PM

In Sweden it's common to use a PKI-based system that uses a Java applet and soft certificates (it's called IBM CBT). There is a Java API for the server side, used to delegate the verification and CRL checking to a standalone PKI server.

There is no principal, just a certificate, and the verification will return with surname, given name and a unique ID (in Sweden we use something called a personal number; everybody has one, and they are unique).

I guess it's like normal HTTPS client certificates, just more complicated.

Acegi Security doesn't provide PKI out of the box, although what you describe is very similar to how the CAS integration works. It just uses a dummy principal object when processing the request, and later populates a proper Authentication object that contains the additional information retrieved from the CAS server during ticket validation.

You could certainly implement an AuthenticationProvider that integrated with PKI. If you do get time to do this, I'd certainly be interested in adding it to the CVS code.
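
A sketch of the provider pattern discussed in this thread, as an added example that is not part of the original posts and is not Acegi's or IBM's code. The `Authentication` and `AuthenticationProvider` interfaces are simplified stand-ins for the framework's contracts, and `PkiVerifier`, `VerifiedIdentity`, `CertificateToken` and `PkiAuthentication` are hypothetical names.

```java
import java.security.cert.X509Certificate;

public class PkiProviderSketch {
    // Simplified stand-ins for the framework's token and provider contracts (assumptions).
    interface Authentication { Object getPrincipal(); boolean isAuthenticated(); }
    interface AuthenticationProvider {
        Authentication authenticate(Authentication request);
        boolean supports(Class<?> tokenType);
    }

    // Hypothetical result of the standalone PKI server's verification and CRL check.
    record VerifiedIdentity(String uniqueId, String givenName, String surname) {}

    // Hypothetical client for the PKI server; returns null when the certificate is rejected.
    interface PkiVerifier { VerifiedIdentity verify(X509Certificate cert); }

    // Unauthenticated request token: carries only the certificate and a dummy principal.
    record CertificateToken(X509Certificate cert) implements Authentication {
        public Object getPrincipal() { return "DUMMY"; }
        public boolean isAuthenticated() { return false; }
    }

    // Authenticated token populated only from what the PKI server returned.
    record PkiAuthentication(VerifiedIdentity identity) implements Authentication {
        public Object getPrincipal() { return identity.uniqueId(); }
        public boolean isAuthenticated() { return true; }
    }

    static class PkiAuthenticationProvider implements AuthenticationProvider {
        private final PkiVerifier verifier;
        PkiAuthenticationProvider(PkiVerifier verifier) { this.verifier = verifier; }

        public boolean supports(Class<?> tokenType) {
            return CertificateToken.class.isAssignableFrom(tokenType);
        }

        public Authentication authenticate(Authentication request) {
            X509Certificate cert = ((CertificateToken) request).cert();
            VerifiedIdentity id = (cert == null) ? null : verifier.verify(cert);
            // Fail closed: a missing certificate, a failed verification or a
            // revoked certificate never yields an authenticated token.
            if (id == null || id.uniqueId() == null || id.uniqueId().isEmpty()) {
                throw new SecurityException("certificate rejected by PKI server");
            }
            return new PkiAuthentication(id);
        }
    }
}
```

The principal is taken from the verifier's response rather than from anything the applet sends, so the unique ID cannot be set by the client.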